package com.sparrow.support;

import java.sql.Timestamp;
import java.util.Calendar;

import javax.servlet.http.Cookie;
import com.sparrow.constant.USER;
import com.sparrow.core.Log;
import com.sparrow.cryptogram.Base64SHA1;
import com.sparrow.cryptogram.ThreeDES;
import com.sparrow.utils.Config;
import com.sparrow.utils.JSUtil;

public class Login {
	public static String getUser(Cookie[] cookies) {
		return getUser(cookies, false);
	}

	public static String getPermisstion(String userId, String userLoginName,
			String cent, int expireDays) {

		Calendar calendar = Calendar.getInstance();
		calendar.setTimeInMillis(System.currentTimeMillis());
		calendar.add(Calendar.DATE, expireDays);
		String userInfo = String.format("id=%1$s&name=%2$s&t=%3$s&cent=%4$s",
				userId, userLoginName, calendar.getTimeInMillis(), cent);
		String signature = Base64SHA1.getInstance().getBase64SHA1(userInfo,
				Config.getValueInCache(USER.PASSWORD_SHA1_SECRET_KEY));
		return userInfo
				+ "&permission="
				+ ThreeDES.getInstance().encrypt(signature,
						Config.getValueInCache(USER.PASSWORD_3DAS_SECRET_KEY));
	}

	public static String getUser(Cookie[] cookies, boolean isName) {
		// 第一次请求时没有session id
		String userId = USER.VISITOR_ID;
		if (cookies == null) {
			return userId;
		}
		for (int i = 0; i < cookies.length; i++) {
			if (cookies[i].getName().equals(USER.PERMISSION)) {
				String permission = JSUtil.decodeURIComponent(cookies[i]
						.getValue());

				String searchPermission = "&permission=";
				int permissionIndex = permission.lastIndexOf(searchPermission);
				if (permissionIndex < 0) {
					continue;
				}
				String userInfo = permission.substring(0, permissionIndex);
				String[] userInfoArray = userInfo.split("&");
				userId = userInfoArray[0].substring("id=".length());
				String userName = userInfoArray[1].substring("name=".length());
				String t = userInfoArray[2].substring("t=".length());
				// 如果未过期
				if (new Timestamp(Long.valueOf(t)).after(new Timestamp(System
						.currentTimeMillis()))) {

					String signature = ThreeDES
							.getInstance()
							.decrypt(
									permission.substring(permissionIndex
											+ searchPermission.length()),
									Config.getValueInCache(USER.PASSWORD_3DAS_SECRET_KEY));
					String newSignature = Base64SHA1
							.getInstance()
							.getBase64SHA1(
									userInfo,
									Config.getValueInCache(USER.PASSWORD_SHA1_SECRET_KEY));
					if (signature.equals(newSignature)) {
						if (isName) {
							return userName;
						} else if (userName.equals(USER.ADMIN)) {
							userId = USER.ADMIN_ID;
						}
					}
				}
			}
		}
		return userId;
	}

	public static boolean hasEditPrivilege(String writerId, String currentUserId) {
		try {
			// 当前是游客则无操作权限
			if (currentUserId.equals(USER.VISITOR_ID)) {
				return false;
				// 当前是admin
			} else if (currentUserId.equals(USER.ADMIN_ID)) {
				return true;
				// 帖子作者是当前用户id
			} else if (writerId.equals(currentUserId)) {
				return true;
			} else {
				return false;
			}
		} catch (Exception e) {
			Log.getInstance().error(e);
			return false;
		}
	}
}
